Microsoft Issues One-Year Vulnerability Report for Windows Vista [windowsitpro.com]
Microsoft this week issued a report analyzing the vulnerability disclosures and security updates for Windows Vista's first year on the market, comparing this information to similar first-year data for its predecessor, Windows XP, and contemporary competition such as Red Hat Enterprise Linux, Ubuntu Linux, and Apple Mac OS X. Not surprisingly, given the deep security improvements that the company made to Vista, Microsoft's latest OS came out well ahead of the other systems.
...
Windows Vista had 36 fixed vulnerabilities. This compared to 65 for Windows XP, 116 for Mac OS X 10.4, 224 for Ubuntu 6.06 LTS, and a whopping 360 for Red Hat Enterprise Linux 4.
As the article points out, this doesn't measure overall security. It just shows that there are fewer vulnerabilities affecting Vista over the period studied.
And what do they mean exactly by "fixed" vulnerabilities anyway? Does that mean that there could be a myriad of "unfixed" (and unpublished) vulnerabilities in Vista that they are not counting?
And before Linux enthusiasts claim some sort of bias, Jones actually went to the trouble of discounting non-core components on the Linux systems tested. So vulnerabilities in open source products like OpenOffice.org, GIMP, and various development tools were not counted against those systems. "It is a common objection to any Windows and Linux comparison that counting the 'optional' applications against the Linux distribution is unfair, so I've completed an extra level of analysis to exclude component vulnerabilities that do not have comparable functionality shipping with a Windows OS," Jones noted.
I think this report has been criticized for including Linux applications in the past. It appears they tried to address that this time around.
And what do they mean exactly by "fixed" vulnerabilities anyway?
36 Windows Vista
65 Windows XP
116 Mac OS X 10.4
224 Ubuntu 6.06 LTS
360 Red Hat Enterprise Linux 4
So according to this report, Mac OS (based on FreeBSD) is more secure than Linux. Pretty logical, I think.
I wonder why users of free software have been so quiet about this report. If they have been so quiet, there should be something right about the report.
Am I wrong?
[edited by: bill at 2:37 am (utc) on May 10, 2008]
[edit reason] language [/edit]
This study never undertook to compare Linux vs Windows, it only sought to compare XP vs Vista (which is why those 2 are the only ones that share the same methodology and actually show data).
While security improvement for Windows users is the key goal I am examining, it is also interesting to investigate how Windows Vista compares with other current operating systems.
This is where the entire study becomes a bit of a joke, there is no data, just some graphs and a different way of counting bugs. How can you seriously compare 2 different things using different methodologies for reporting them?
I suppose it is no surprise that this marketing report was done by Microsoft for Microsoft.
Here is my scientific study proving that OSX and Linux are one million times as secure as Windows.
Windows viruses in the wild = billions
OSX viruses in the wild = 0
Linux viruses in the wild = 0
That means Windows is infinity less secure than any other OS.
Figure 9 compares Windows XP, Windows Vista, Red Hat, Ubuntu and Mac OS X.
The author of the security report writes: "Figure 9 shows that the reduction in security vulnerabilities for Windows Vista is not just favorable as compared to its own predecessor [Windows XP], but is also favorable relative to other industry OS offerings."
Table 3: Summary Table for All Products Analyzed is quite revealing. Attention should be given to the row Vulnerabilities Fixed.
According to Table 3, it's clear the security offered by Windows Vista vs Red Hat's and Apple's. Ubuntu is a free product so get a reliable nix Wizard to help you!
[edited by: bill at 5:14 am (utc) on May 20, 2008]
[edit reason] The original article has a direct link to the PDF already [/edit]